Skip to content

Commit 5c66358

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-9vqf-p3v5-qmh2 GHSA-j7v6-9xg3-v59m
1 parent c1a1373 commit 5c66358

File tree

2 files changed

+92
-0
lines changed

2 files changed

+92
-0
lines changed

advisories/unreviewed/2025/05/GHSA-9vqf-p3v5-qmh2/GHSA-9vqf-p3v5-qmh2.json

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-9vqf-p3v5-qmh2",
4+
"modified": "2025-05-04T00:30:36Z",
5+
"published": "2025-05-04T00:30:36Z",
6+
"aliases": [
7+
"CVE-2025-47244"
8+
],
9+
"details": "Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C# reflection layer, as demonstrated by causing a denial of service (when an attacker executes a loop calling RestartWeb) or obtaining potentially sensitive information. Exploitation can occur if Anonymous access is enabled, or if there is a successful CSRF attack.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47244"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://docs.inedo.com/docs/proget/installation/installation-guide"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://forums.inedo.com"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://my.inedo.com/downloads/installers?product=ProGet"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://seclists.org/fulldisclosure/2025/Apr/30"
37+
}
38+
],
39+
"database_specific": {
40+
"cwe_ids": [
41+
"CWE-288"
42+
],
43+
"severity": "HIGH",
44+
"github_reviewed": false,
45+
"github_reviewed_at": null,
46+
"nvd_published_at": "2025-05-03T23:15:48Z"
47+
}
48+
}

advisories/unreviewed/2025/05/GHSA-j7v6-9xg3-v59m/GHSA-j7v6-9xg3-v59m.json

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-j7v6-9xg3-v59m",
4+
"modified": "2025-05-04T00:30:36Z",
5+
"published": "2025-05-04T00:30:36Z",
6+
"aliases": [
7+
"CVE-2025-47245"
8+
],
9+
"details": "In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "WEB",
20+
"url": "https://github.com/bluewave-labs/Checkmate/security/advisories/GHSA-7x3q-g6gq-f4mm"
21+
},
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47245"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/bluewave-labs/Checkmate/pull/2160"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/bluewave-labs/Checkmate/commit/d4a60723f490502b3fe6f7f780a85d29bf5d1385"
33+
}
34+
],
35+
"database_specific": {
36+
"cwe_ids": [
37+
"CWE-472"
38+
],
39+
"severity": "HIGH",
40+
"github_reviewed": false,
41+
"github_reviewed_at": null,
42+
"nvd_published_at": "2025-05-04T00:15:15Z"
43+
}
44+
}

0 commit comments

Comments
 (0)